| Revision Date: | 2014-11-10 | Version: | 1 | | Title: | CVE-2014-3647 on Ubuntu 16.04 LTS (xenial) - high. | | Description: | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. A guest user with access to I/O or MMIO region can use this flaw to crash the guest. Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-3647
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in xenial is not affected (note: '4.2.0-16.19').
OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected (note: '4.4.0-1001.10').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-gke' package in xenial is not affected (note: '4.4.0-1003.3').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-hwe' package in xenial is not affected (note: '4.8.0-36.36~16.04.1').
OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in xenial is not affected (note: '4.8.0-36.36~16.04.1').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected (note: '4.2.0-1013.19').
OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected (note: '4.4.0-1012.12').
|
|